JVM dependency intelligence via Maven Tools MCP server. Use when user asks about Java/Kotlin/Scala dependencies, versions, upgrades, CVEs, or licenses. Use when analyzing pom.xml, build.gradle, or any Maven Central dependency. Use when user says 'check my dependencies', 'should I upgrade X', 'is this version safe', or 'what's the latest version of Y'.
Analyzes JVM dependencies for security vulnerabilities, version upgrades, and license risks.
/plugin marketplace add arvindand/agent-skills/plugin install arvindand-agent-skills@arvindand/agent-skillsThis skill is limited to using the following tools:
LICENSEDependency intelligence for JVM projects via Maven Tools MCP server.
Requires Maven Tools MCP server configured in your MCP client.
Recommended setup (Claude Desktop):
{
"mcpServers": {
"maven-tools": {
"command": "docker",
"args": ["run", "-i", "--rm", "arvindand/maven-tools-mcp:latest-noc7"]
}
}
}
Why -noc7? The latest-noc7 variant focuses purely on dependency intelligence. For documentation lookup, use the separate context7 skill which provides broader coverage and works independently. This modular approach means dependency tools work even if Context7 is blocked.
Activate automatically when:
Pick the right tool for the task (8 tools available):
| User Intent | Tool | Key Parameters |
|---|---|---|
| "Latest version of X" | get_latest_version | stabilityFilter: PREFER_STABLE (default) |
| "Does version X.Y.Z exist?" | check_version_exists | — |
| "Check these dependencies" (no versions) | check_multiple_dependencies | stabilityFilter |
| "Should I upgrade from X to Y?" | compare_dependency_versions | includeSecurityScan: true |
| "How old are my dependencies?" | analyze_dependency_age | maxAgeInDays threshold |
| "Is this library maintained?" | analyze_release_patterns | monthsToAnalyze: 24 |
| "Show version history" | get_version_timeline | versionCount: 20 |
| "Full health check" | analyze_project_health | includeSecurityScan, includeLicenseScan |
Default choice: When user says "check my dependencies" or pastes a pom.xml → use analyze_project_health for comprehensive analysis.
Control which versions are returned:
| Filter | Use When |
|---|---|
PREFER_STABLE | Default for recommendations — prioritizes stable, includes others |
STABLE_ONLY | Production upgrades — no RC/beta/alpha |
ALL | Research — see everything including snapshots |
analyze_project_health with:
includeSecurityScan: trueincludeLicenseScan: truecompare_dependency_versions with current and target versionsscripts/context7.py search "spring boot"scripts/context7.py docs "<library-id>" "migration guide"get_latest_version to check if user's version is currentanalyze_release_patterns to verify active maintenanceanalyze_project_health to compare candidatesAll tools expect Maven coordinates:
groupId:artifactId
Examples:
org.springframework.boot:spring-boot-startercom.fasterxml.jackson.core:jackson-databindorg.junit.jupiter:junit-jupiterFrom Gradle: Convert implementation("group:artifact:version") → group:artifact
Maven Tools provides version intelligence. For migration guides and API documentation, delegate to the context7 skill.
Workflow:
Example chain:
User: "Should I upgrade Spring Boot from 2.7 to 3.2?"
→ maven-tools: compare_dependency_versions
Result: Major upgrade, 3.2.1 available, no CVEs
→ context7: scripts/context7.py search "spring boot"
→ context7: scripts/context7.py docs "/spring-projects/spring-boot" "2.7 to 3 migration"
Result: javax→jakarta migration steps, config changes
→ Combined response: Version analysis + migration steps
This separation means:
| Score | Meaning |
|---|---|
| 80-100 | Healthy — recent releases, no CVEs |
| 60-79 | Good — minor concerns |
| 40-59 | Aging — consider updates |
| 0-39 | Stale — maintenance risk |
| Class | Age | Action |
|---|---|---|
| fresh | <6 months | No action needed |
| current | 6-12 months | Monitor |
| aging | 1-2 years | Plan upgrade |
| stale | >2 years | Upgrade or replace |
| Type | Production Safe? |
|---|---|
| stable | ✅ Yes |
| rc | ⚠️ Test thoroughly |
| beta | ⚠️ Non-critical only |
| alpha | ❌ Development only |
| milestone | ⚠️ Early adopters |
| snapshot | ❌ Never in production |
User: "What's the latest stable Spring Boot?"
→ get_latest_version
groupId: org.springframework.boot
artifactId: spring-boot-starter
stabilityFilter: STABLE_ONLY
User: "I'm on Spring Boot 2.7.18, should I upgrade?"
→ compare_dependency_versions
dependencies: ["org.springframework.boot:spring-boot-starter:2.7.18"]
includeSecurityScan: true
→ If major upgrade available, delegate to context7 skill:
scripts/context7.py search "spring boot"
scripts/context7.py docs "/spring-projects/spring-boot" "2.7 to 3 migration"
User: "Analyze my pom.xml" (pastes file)
→ Extract all dependencies from pom.xml
→ analyze_project_health
dependencies: [extracted list]
includeSecurityScan: true
includeLicenseScan: true
| Issue | Action |
|---|---|
| MCP tools unavailable | Inform user: "Maven Tools MCP server not configured. Install from https://github.com/arvindand/maven-tools-mcp — use latest-noc7 image since we have context7 skill for docs." |
| Dependency not found | Verify groupId:artifactId format, check Maven Central |
| Context7 skill unavailable | Fall back to web search for documentation |
| Security scan slow | Results still return, CVE data may be partial |
| Unknown version type | Treat as unstable, recommend stable alternative |
License: MIT Requires: Maven Tools MCP server (
latest-noc7recommended) Pairs with: context7 skill for documentation lookup
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.